Support » Fixing WordPress » SiteLock-PHP-FILEHACKER-oz.UNOFFICIAL FOUND

  • I am not able to file malicious code in my server…..

    There is a error in all of my domains and sub domains i have hosted on bluehost.in… I have tryied every option and scanned it from every virus scanner..but i am not able to find any error….
    But while uploading the files to my server i am getting…this error

    The file you uploaded, functions.php, contains a virus so the upload was canceled: SiteLock-PHP-FILEHACKER-of.UNOFFICIAL FOUND

    Please help.. as i am in a great loss…

    If any one require function.php code i can mail it on your id..

    [moderator note: Please do not distribute malicious code!]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Volunteer

    I looked at what you uploaded in that other thread. It has malicious code at the top — the thing where it test for a password. Your sites are hacked.

    Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are two.

    Steve i am not able to excess any of my website beacause this malicious code is all of my domains so i quarantine these files…now until and unless i delete this code from all the below files. i wont be able to access my website.
    So i wont be able to install any of the plugins you mentioned. i have to delete them offline…Please let me know the way to delete this…

    public_html/ehplindia.org/wp-content/themes/houzez/functions.php: quarantining......done
    public_html/ehplindia.org/wp-content/themes/twentyfifteen/functions.php: quarantining......done
    public_html/ehplindia.org/wp-content/themes/twentysixteen/functions.php: quarantining......done
    public_html/ehplindia.org/wp-content/themes/twentyseventeen/functions.php: quarantining......done
    public_html/ehplindia.org/wp-includes/post.php: quarantining......done
    public_html/ehplindia.org/wp-includes/class.wp.php: quarantining......done
    public_html/techsacorp.com/wp-content/themes/the-seo/functions.php: quarantining......done
    public_html/techsacorp.com/wp-content/themes/twentyfifteen/functions.php: quarantining......done
    public_html/techsacorp.com/wp-content/themes/twentysixteen/functions.php: quarantining......done
    public_html/techsacorp.com/wp-content/themes/twentyseventeen/functions.php: quarantining......done
    public_html/techsacorp.com/wp-content/themes/dt-the7/functions.php: quarantining......done
    public_html/techsacorp.com/wp-includes/post.php: quarantining......done
    public_html/techsacorp.com/wp-includes/class.wp.php: quarantining......done
    public_html/tatavalue-homes.com/wp-content/themes/twentyfifteen/functions.php: quarantining......done
    public_html/tatavalue-homes.com/wp-content/themes/twentysixteen/functions.php: quarantining......done
    public_html/tatavalue-homes.com/wp-content/themes/twentyseventeen/functions.php: quarantining......done
    public_html/tatavalue-homes.com/wp-includes/post.php: quarantining......done
    public_html/tatavalue-homes.com/wp-includes/class.wp.php: quarantining......done
    public_html/gayatri-life.co.in/wp-content/themes/twentyfifteen/functions.php: quarantining......done
    public_html/gayatri-life.co.in/wp-content/themes/twentysixteen/functions.php: quarantining......done
    public_html/gayatri-life.co.in/wp-content/themes/twentyseventeen/functions.php: quarantining......done
    public_html/gayatri-life.co.in/wp-includes/post.php: quarantining......done
    public_html/gayatri-life.co.in/wp-includes/class.wp.php: quarantining......done
    public_html/gpanditg.com/wp-content/themes/twentyfifteen/functions.php: quarantining......done
    public_html/gpanditg.com/wp-content/themes/twentysixteen/functions.php: quarantining......done
    public_html/gpanditg.com/wp-content/themes/twentyseventeen/functions.php: quarantining......done
    public_html/gpanditg.com/wp-content/plugins/wpeddit-plugin-SE/js/setting.php: quarantining......done
    public_html/gpanditg.com/wp-includes/post.php: quarantining......done
    public_html/gpanditg.com/wp-includes/class.wp.php: quarantining......done
    public_html/alphathumnoida.info/wp-content/themes/twentysixteen/functions.php: quarantining......done
    public_html/alphathumnoida.info/wp-content/themes/twentyseventeen/functions.php: quarantining......done
    public_html/alphathumnoida.info/wp-includes/post.php: quarantining......done
    public_html/alphathumnoida.info/wp-includes/class.wp.php: quarantining......done
    public_html/sahaeminence150noida.in/wp-includes/post.php: quarantining......done
    public_html/projectssector150noida.in/wp-includes/post.php: quarantining......done
    .trash/bridge/includes/import/files/bridge28/bridge_content_10.xml: quarantining......done
    Moderator Steven Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Volunteer

    Please read the procedure(s) I linked to. Do not try to fix files. Delete them and replace with known good copies from wordpress.org. A PC-based virus checker is NOT going to fix this for you.

    And, as I noted above, “If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are two.”

    @shalabh12345, has the site been suspended at this point? If so, is FTP still enabled? Your host will most likely reinstate FTP access upon request if disabled. Before deleting or overwriting any data, I strongly recommend performing at very least a database backup to ensure the text in your posts is saved, as well as a compressed file backup if you have a safe location to store it. Once you have a backup of the current site on ice, move toward remediation steps.

    If you’re going the route of self-repair, a website malware scanner is strongly recommended to verify results. If you’re not able to complete the clean-up yourself, many of the vendors that provide scanning services also provide malware removal services. In addition to the companies mentioned by Steve, SiteLock, the company whose database was used to identify the malware you mentioned (SiteLock-PHP-FILEHACKER-oz.UNOFFICIAL), is also a provider of scanning and removal services.

    [ Signature moderated ]

    • This reply was modified 3 years, 8 months ago by Logan Kipp.
    • This reply was modified 3 years, 8 months ago by Jan Dembowski.

    If the quarantining is correct, and it isn’t always, it looks like malicious code has been placed in the functions.php of the various themes on the websites, which is pretty common piece of a hack of a WordPress website. If you compare one of those files to the file from a fresh copy of the same theme that hasn’t been on the website then you should be able to see what changes have been made. The malicious code is usually the same across the functions.php files for all of the themes.

    The list of files in the second message, also includes files from the /wp-includes/ directory and one from a plugin. So cleaning the functions.php file in the themes is only part of what it looks like you need to be done for the cleanup portion of a proper cleanup here.

    I have resolved the issue myself….thanks guys…thanks alot

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘SiteLock-PHP-FILEHACKER-oz.UNOFFICIAL FOUND’ is closed to new replies.